| Message ID | 20250411101602.1656234-1-clara.kowalsky@siemens.com |
|---|---|
| State | New |
| Headers | show |
| Series | [RFC,v2] fix: rebuild rootfs on change of USERS | expand |
On 11.04.25 12:16, Clara Kowalsky wrote: > In case a change to the Isar created users is done, this currently > only re-triggers the do_rootfs_postprocess task. This task changes the > rootfs (e.g. home dirs are moved) and by that needs to operate on a > clean one. Otherwise old homedirs might still remain in the final rootfs > or move operations are not possible. > > We fix this by ensuring that the do_rootfs_install task is executed > whenever a change to USERS is done. By that, we enter the > do_rootfs_postinstall with a clean rootfs. > > Signed-off-by: Clara Kowalsky <clara.kowalsky@siemens.com> > --- > meta/classes/image-account-extension.bbclass | 14 +++++++++----- > 1 file changed, 9 insertions(+), 5 deletions(-) > > diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass > index ea956cd5..1c664be0 100644 > --- a/meta/classes/image-account-extension.bbclass > +++ b/meta/classes/image-account-extension.bbclass > @@ -11,11 +11,11 @@ GROUPS ??= "" > python() { > for entry in (d.getVar("GROUPS") or "").split(): > group_entry = "GROUP_{}".format(entry) > - d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(group_entry)) > + d.appendVarFlag("image_postprocess_groups", "vardeps", " {}".format(group_entry)) > > for entry in (d.getVar("USERS") or "").split(): > user_entry = "USER_{}".format(entry) > - d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(user_entry)) > + d.appendVarFlag("image_postprocess_users", "vardeps", " {}".format(user_entry)) > } > > def image_create_groups(d: "DataSmart") -> None: > @@ -137,10 +137,14 @@ def image_create_users(d: "DataSmart") -> None: > if "force-passwd-change" in flags: > bb.process.run([*chroot, "/usr/bin/passwd", "--expire", entry]) > > +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_groups" > +ROOTFS_INSTALL_COMMAND += "image_postprocess_users" > +image_postprocess_groups[vardeps] += "GROUPS" > +image_postprocess_users[vardeps] += "USERS" > > -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" > -image_postprocess_accounts[vardeps] += "USERS GROUPS" > -python image_postprocess_accounts() { > +python image_postprocess_groups() { > image_create_groups(d) > +} > +python image_postprocess_users() { > image_create_users(d) > } This is still not ideal, as old home directories are not removed when removing the create-home flag or setting another directory via USER_foo[home] = <x>. BR, Clara
On Fri, 2025-04-11 at 12:18 +0200, Clara Kowalsky wrote: > > > On 11.04.25 12:16, Clara Kowalsky wrote: > > In case a change to the Isar created users is done, this currently > > only re-triggers the do_rootfs_postprocess task. This task changes > > the > > rootfs (e.g. home dirs are moved) and by that needs to operate on a > > clean one. Otherwise old homedirs might still remain in the final > > rootfs > > or move operations are not possible. > > > > We fix this by ensuring that the do_rootfs_install task is executed > > whenever a change to USERS is done. By that, we enter the > > do_rootfs_postinstall with a clean rootfs. > > > > Signed-off-by: Clara Kowalsky <clara.kowalsky@siemens.com> > > --- > > meta/classes/image-account-extension.bbclass | 14 +++++++++----- > > 1 file changed, 9 insertions(+), 5 deletions(-) > > > > diff --git a/meta/classes/image-account-extension.bbclass > > b/meta/classes/image-account-extension.bbclass > > index ea956cd5..1c664be0 100644 > > --- a/meta/classes/image-account-extension.bbclass > > +++ b/meta/classes/image-account-extension.bbclass > > @@ -11,11 +11,11 @@ GROUPS ??= "" > > python() { > > for entry in (d.getVar("GROUPS") or "").split(): > > group_entry = "GROUP_{}".format(entry) > > - d.appendVarFlag("image_postprocess_accounts", "vardeps", " > > {}".format(group_entry)) > > + d.appendVarFlag("image_postprocess_groups", "vardeps", " > > {}".format(group_entry)) > > > > for entry in (d.getVar("USERS") or "").split(): > > user_entry = "USER_{}".format(entry) > > - d.appendVarFlag("image_postprocess_accounts", "vardeps", " > > {}".format(user_entry)) > > + d.appendVarFlag("image_postprocess_users", "vardeps", " > > {}".format(user_entry)) > > } > > > > def image_create_groups(d: "DataSmart") -> None: > > @@ -137,10 +137,14 @@ def image_create_users(d: "DataSmart") -> > > None: > > if "force-passwd-change" in flags: > > bb.process.run([*chroot, "/usr/bin/passwd", "-- > > expire", entry]) > > > > +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_groups" > > +ROOTFS_INSTALL_COMMAND += "image_postprocess_users" > > +image_postprocess_groups[vardeps] += "GROUPS" > > +image_postprocess_users[vardeps] += "USERS" This moves the whole user creation to the rootfs_install task, which also means that the result of the user creation is reflected in the sstate cache (which might be ok, though). But I'm wondering if that is logically correct, as IIRC the groups have to be created before the users are created. A more subtle change (based on my patch "fix: rebuild rootfs on change of USERS") would be to just add USERS as well as all USERS_<x> variables to the vardeps of do_rootfs_install. This should also solve your case from below, as a removed user always means a change to the USERS variable. I'll try to come up with this in a v2 of my patch. Felix > > > > -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" > > -image_postprocess_accounts[vardeps] += "USERS GROUPS" > > -python image_postprocess_accounts() { > > +python image_postprocess_groups() { > > image_create_groups(d) > > +} > > +python image_postprocess_users() { > > image_create_users(d) > > } > > This is still not ideal, as old home directories are not removed when > removing the create-home flag or setting another directory via > USER_foo[home] = <x>. > BR, > Clara
diff --git a/meta/classes/image-account-extension.bbclass b/meta/classes/image-account-extension.bbclass index ea956cd5..1c664be0 100644 --- a/meta/classes/image-account-extension.bbclass +++ b/meta/classes/image-account-extension.bbclass @@ -11,11 +11,11 @@ GROUPS ??= "" python() { for entry in (d.getVar("GROUPS") or "").split(): group_entry = "GROUP_{}".format(entry) - d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(group_entry)) + d.appendVarFlag("image_postprocess_groups", "vardeps", " {}".format(group_entry)) for entry in (d.getVar("USERS") or "").split(): user_entry = "USER_{}".format(entry) - d.appendVarFlag("image_postprocess_accounts", "vardeps", " {}".format(user_entry)) + d.appendVarFlag("image_postprocess_users", "vardeps", " {}".format(user_entry)) } def image_create_groups(d: "DataSmart") -> None: @@ -137,10 +137,14 @@ def image_create_users(d: "DataSmart") -> None: if "force-passwd-change" in flags: bb.process.run([*chroot, "/usr/bin/passwd", "--expire", entry]) +ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_groups" +ROOTFS_INSTALL_COMMAND += "image_postprocess_users" +image_postprocess_groups[vardeps] += "GROUPS" +image_postprocess_users[vardeps] += "USERS" -ROOTFS_POSTPROCESS_COMMAND += "image_postprocess_accounts" -image_postprocess_accounts[vardeps] += "USERS GROUPS" -python image_postprocess_accounts() { +python image_postprocess_groups() { image_create_groups(d) +} +python image_postprocess_users() { image_create_users(d) }
In case a change to the Isar created users is done, this currently only re-triggers the do_rootfs_postprocess task. This task changes the rootfs (e.g. home dirs are moved) and by that needs to operate on a clean one. Otherwise old homedirs might still remain in the final rootfs or move operations are not possible. We fix this by ensuring that the do_rootfs_install task is executed whenever a change to USERS is done. By that, we enter the do_rootfs_postinstall with a clean rootfs. Signed-off-by: Clara Kowalsky <clara.kowalsky@siemens.com> --- meta/classes/image-account-extension.bbclass | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-)